Headline
GHSA-v9hf-5j83-6xpp: PyMySQL SQL Injection vulnerability
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict
.
PyMySQL SQL Injection vulnerability
Critical severity GitHub Reviewed Published May 21, 2024 to the GitHub Advisory Database • Updated May 21, 2024
Related news
Red Hat Security Advisory 2024-4245-03 - An update for python3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.
Red Hat Security Advisory 2024-4244-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.
Ubuntu Security Notice 6801-1 - It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks.
Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.